API Security Review Skill
Skill · Active
API security checklist for reviewing endpoints before deployment. Use when creating or modifying API routes to ensure proper authentication, authorization, and input validation.
To ensure API endpoints adhere to security best practices by providing a comprehensive checklist and concrete implementation examples for developers.
Features
- API security checklist for pre-deployment review
- Code examples for authentication and authorization
- Guidance on input validation and output safety
- Best practices for security logging and error handling
- Framework-specific implementations (Next.js, Express, FastAPI, Django)
Use cases
- Before merging API changes in a PR
- When creating new API endpoints
- During security audits of API routes
- To ensure secure data handling and access control
Non-goals
- Implementing the security controls directly
- Replacing dedicated security auditing tools
- Providing platform-specific deployment guidance
Practices
- API Security
- Secure Coding
- Input Validation
- Authorization
- Authentication
Trust
- Issues Attention (info): There were 4 issues opened and 0 closed in the last 90 days, indicating a low level of recent issue engagement.
Versioning
- Release Management (warning): There is no clear versioning signal (e.g., SKILL.md frontmatter version, GitHub release tags, or CHANGELOG.md), and installation instructions point to 'main'.
Installation
npx skills add bobmatnyc/claude-mpm-skills
Runs the Vercel skills CLI (skills.sh) via npx. Requires Node.js installed locally and at least one skills-compatible agent (Claude Code, Cursor, Codex, etc.). Assumes the repository follows the agentskills.io format.
Similar extensions
Netlify Identity (score 100)
For authentication, user registration, login, password recovery, OAuth providers, role-based access control, or protecting routes and functions. Always use `@netlify/identity`. Never use `netlify-identity-widget` or `gotrue-js`; they are deprecated.
Auth0 Express OAuth2 JWT Bearer (score 100)
Use when adding Auth0 token validation to Express or Node.js APIs. Integrates the express-oauth2-jwt-bearer SDK to protect Node.js API endpoints with JWT Bearer authentication, scope-based RBAC, claim validation, and optional DPoP support.
Senior Backend Engineer (score 100)
Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.
Aws Cdk Development (score 100)
AWS Cloud Development Kit (CDK) expert for building cloud infrastructure with TypeScript/Python. Use when creating CDK stacks, defining CDK constructs, implementing infrastructure as code, or when the user mentions CDK, CloudFormation, IaC, cdk synth, cdk deploy, or wants to define AWS infrastructure programmatically. Covers CDK app structure, construct patterns, stack composition, and deployment workflows.
Cleanup Cycles (score 100)
Detect and untangle circular dependencies. Runs madge/skott (TS), pycycle (Py), or compiler-only checks (Go/Rust). Auto-fixes leaf-extractable cycles; reports core cycles for human review. Use when the user asks to find circular imports, fix dependency cycles, or untangle the module graph. Example queries: "find circular imports", "fix dependency cycles", "untangle our module graph", "why is madge complaining".
Better Auth Integrations (score 99)
Better Auth framework integrations for TypeScript. Use when wiring route handlers in Next.js, SvelteKit, Remix, Express, Hono, or other web frameworks.